Dog eat cat world

Reputation: 760

Retrieving original destination from iptables after REDIRECT

I'm writing an application proxy for generic use.

I want to use this as a transparent proxy, where my original plan is to use iptables with a REDIRECT rule to forward all connections to my application proxy.

The problem here is, of course, that my application proxy loses the information about the intended destination.

Is it possible to query iptables to retrieve the originally intended recipient? Any other possible solution to this problem is also appreciated!

Upvotes: 9

Views: 4669

Answers (1)

Casper

Reputation: 34308

Perhaps this is what you were looking for?

http://www.network-builders.com/iptables-redirect-original-destination-ip-t69515.html

Read the SO_ORIGINAL_DST option of the TCP socket.
Or look up the connection tracking table in /proc/net/ip_conntrack.

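#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/netfilter_ipv4.h>   /* defines SO_ORIGINAL_DST */

/* fd is the accepted client socket that the REDIRECT rule delivered to the proxy */
struct sockaddr_in addr;
socklen_t addr_sz = sizeof(addr);
memset(&addr, 0, addr_sz);
addr.sin_family = AF_INET;
/* on success, addr.sin_addr and addr.sin_port hold the original destination (network byte order) */
if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &addr, &addr_sz) < 0)
    perror("getsockopt(SO_ORIGINAL_DST)");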

I think you should be able to convert that to something similar for Python.

Upvotes: 17
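The answer's C snippet carried over to Python, as an added example that is not part of the original answer. It assumes Linux and IPv4; the value 80 for SO_ORIGINAL_DST is taken from `<linux/netfilter_ipv4.h>` because Python's socket module does not export it, and the function names, the `is_loop` guard and the sample bytes are illustrative and constructed here.

```python
import socket
import struct

SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>; not exported by the socket module
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)

# Constructed sample of what getsockopt() returns: family, port, address, 8 pad bytes.
SAMPLE = (struct.pack("=H", socket.AF_INET)
          + struct.pack("!H4s", 443, socket.inet_aton("203.0.113.10"))
          + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family in host order, port and address in network order."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port, addr = struct.unpack_from("!H4s", raw, 2)
    return socket.inet_ntoa(addr), port


def original_dst(conn):
    """Return (ip, port) the client was trying to reach before REDIRECT rewrote it."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


def is_loop(dst, local):
    """True when the 'original' destination is the proxy's own listening address.

    That happens when a client connects to the proxy port directly instead of
    being redirected; forwarding such a connection makes the proxy dial itself.
    """
    return dst == local


def handle(conn):
    """Per-connection check a transparent proxy would run right after accept()."""
    dst = original_dst(conn)
    if is_loop(dst, conn.getsockname()[:2]):
        conn.close()
        return None
    return dst   # caller opens the upstream connection to this address
```

`original_dst` raises `OSError` when conntrack has no entry for the connection, so callers should treat that as a connection to drop rather than forward.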
